org.eclipse.microprofile.jwt.tck.util.TokenUtils Java Examples

The following examples show how to use org.eclipse.microprofile.jwt.tck.util.TokenUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PublicKeyAsPEMLocationURLTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
    description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a PEM key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #2
Source File: PublicKeyAsPEMLocationTest.java    From tomee with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@OperateOnDeployment("testApp")
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
        description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a PEM key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
            ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #3
Source File: InvalidTokenTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
    description = "Validate a request with an non-matching issuer fails with HTTP_UNAUTHORIZED")
public void callEchoBadIssuer() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.ISSUER);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    System.out.printf("jwt: %s\n", token);

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
    String reply = response.readEntity(String.class);
    System.out.printf("Reply: %s\n", reply);
}
 
Example #4
Source File: EmptyTokenTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate that a token sent to an unauthenticated / unauthorized endpoint is verified and " +
                    "injected as non-empty")
public void validToken() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");
    String uri = baseURL.toExternalForm() + "endp/verifyNonEmptyToken";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Assert.assertTrue(reply.getBoolean("pass"));
}
 
Example #5
Source File: JsonValueInjectionTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected aud claim is as expected from Token2")
public void verifyInjectedAudience2() throws Exception {
    Reporter.log("Begin verifyInjectedAudience2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedAudience";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.aud.name(), "s6BhdRkqt3.2")
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #6
Source File: JsonValueInjectionTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected iat claim is as expected from Token2")
public void verifyInjectedIssuedAt2() throws Exception {
    Reporter.log("Begin verifyInjectedIssuedAt2\n");
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token2 = TokenUtils.generateTokenString("/Token2.json", null, timeClaims);
    Long iatClaim = timeClaims.get(Claims.auth_time.name());
    Long authTimeClaim = timeClaims.get(Claims.auth_time.name());
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedIssuedAt";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.iat.name(), iatClaim)
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #7
Source File: TestTokenRequireSub.java    From smallrye-jwt with Apache License 2.0 6 votes vote down vote up
@Test(groups = TEST_GROUP_JWT, description = "no sub validation")
public void noSubValidation() throws Exception {
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString("/TokenSubPath.json", null, timeClaims);
    PublicKey publicKey = TokenUtils.readPublicKey("/publicKey.pem");
    if (publicKey == null) {
        throw new IllegalStateException("Failed to load /publicKey.pem resource");
    }

    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo((RSAPublicKey) publicKey, TEST_ISSUER);
    contextInfo.setRequireNamedPrincipal(false);
    JWTCallerPrincipalFactory factory = JWTCallerPrincipalFactory.instance();
    JsonWebToken jwt = factory.parse(token, contextInfo);
    String sub = jwt.getSubject();
    Assert.assertNull(sub);
}
 
Example #8
Source File: PublicKeyAsPEMTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded PEM key is used to sign the JWT")
public void testKeyAsPEM() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyAsPEM";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #9
Source File: AbstractJWKSTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the signer-keypair.jwk resource that was generated using https://mkjwk.org
 * and returns the private key
 *
 * @return the private key from the key pair
 */
static PrivateKey loadPrivateKey() throws Exception {
    String jwk = TokenUtils.readResource("/signer-keypair.jwk");
    RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) JsonWebKey.Factory.newJwk(jwk);
    RSAPublicKey pk = rsaJsonWebKey.getRsaPublicKey();
    String e = new String(Base64.getUrlEncoder().withoutPadding().encode(pk.getPublicExponent().toByteArray()));
    byte[] nbytes = pk.getModulus().toByteArray();
    if(nbytes[0] == 0 && nbytes.length > 1) {
        byte[] tmp = new byte[nbytes.length-1];
        System.arraycopy(nbytes, 1, tmp, 0, tmp.length);
        nbytes = tmp;
    }
    String n = new String(Base64.getUrlEncoder().withoutPadding().encode(nbytes));
    System.out.printf("e: %s\n", e);
    System.out.printf("n: %s\n", n);
    n = BigEndianBigInteger.toBase64Url(pk.getModulus());
    System.out.printf("n: %s\n", n);
    return rsaJsonWebKey.getRsaPrivateKey();
}
 
Example #10
Source File: ECPublicKeyAsPEMTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded PEM key is used to sign the JWT")
public void testKeyAsPEM() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "/ecPrivateKey.pem";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/verifyKeyAsPEM";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #11
Source File: PublicKeyAsJWKTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate that the embedded JWKS key is used to verify the JWT signature")
public void testKeyAsJWK() throws Exception {
    Reporter.log("testKeyAsJWK, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyAsJWK";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #12
Source File: PrivateKeyAsJWKSClasspathTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.decrypt.key.location as resource path to a JWKS key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PublicKey publicKey = TokenUtils.readJwkPublicKey("/encryptorPublicKey.jwk");
    String kid = "mp-jwt-set";
    String token = TokenUtils.encryptClaims(publicKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid);
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #13
Source File: TokenAsCookieTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT in a Cookie with default name")
public void validJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example #14
Source File: ECPublicKeyAsJWKLocationTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWK key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "eckey";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #15
Source File: PublicKeyAsPEMLocationURLTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient()
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the http://localhost:8080/pem/endp/publicKey4k PEM endpoint")
public void validateLocationUrlContents() throws Exception {
    URL locationURL = new URL(baseURL, "pem/endp/publicKey4k");
    Reporter.log("Begin validateLocationUrlContents");

    StringWriter content = new StringWriter();
    try(BufferedReader reader = new BufferedReader(new InputStreamReader(locationURL.openStream()))) {
        String line = reader.readLine();
        while(line != null) {
            content.write(line);
            content.write('\n');
            line = reader.readLine();
        }
    }
    Reporter.log("Received: "+content);
    String expected = TokenUtils.readResource("/publicKey4k.pem");
    Assert.assertEquals(content.toString(), expected);
}
 
Example #16
Source File: PublicKeyAsJWKLocationURLTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG, dependsOnMethods = { "validateLocationUrlContents" },
    description = "Validate specifying the mp.jwt.verify.publickey.location as remote URL to a JWKS key")
public void testKeyAsLocationUrl() throws Exception {
    Reporter.log("testKeyAsLocationUrl, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSUrl";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #17
Source File: PublicKeyAsJWKSLocationTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWKS key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKSResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #18
Source File: TokenAsCookieIgnoredTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
      description = "Validate a request with a valid JWT in a Cookie but no Token Header set fails with " +
                    "HTTP_UNAUTHORIZED")
public void noTokenHeaderSetToCookie() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("jwt", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example #19
Source File: TokenAsCookieIgnoredTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT")
public void validJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example #20
Source File: PublicKeyAsJWKLocationTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location as resource path to a JWK key")
public void testKeyAsLocation() throws Exception {
    Reporter.log("testKeyAsLocation, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "publicKey4k";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, timeClaims);

    String uri = baseURL.toExternalForm() + "jwks/endp/verifyKeyLocationAsJWKResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("kid", kid)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #21
Source File: JsonValueInjectionTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected customInteger claim is as expected from Token2")
public void verifyInjectedCustomInteger2() throws Exception {
    Reporter.log("Begin verifyInjectedCustomInteger2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedCustomInteger";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("value", 1234567892)
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #22
Source File: ECPublicKeyAsPEMLocationTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate specifying the mp.jwt.verify.publickey.location is a resource location of a PEM EC public key")
public void testKeyAsLocationResource() throws Exception {
    Reporter.log("testKeyAsLocationResource, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readECPrivateKey("/ecPrivateKey.pem");
    String kid = "/ecPrivateKey.pem";
    String token = TokenUtils.signClaims(privateKey, kid, "/Token1.json");

    String uri = baseURL.toExternalForm() + "pem/endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;
    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #23
Source File: CookieTokenTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a valid JWT in a Cookie")
public void validCookieJwt() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("jwt", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    Assert.assertEquals(reply, "hello, [email protected]");
}
 
Example #24
Source File: CookieTokenTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
      description = "Validate a request with a different Cookie name from the one configured fais with " +
                    "HTTP_UNAUTHORIZED")
public void wrongCookieName() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example #25
Source File: ExpClaimAllowMissingExpValidationTest.java    From tomee with Apache License 2.0 6 votes vote down vote up
@Ignore
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
    description = "Validate the the expiration timestamp is checked")
public void testNoExpClaimToken() throws Exception {
    Reporter.log("testKeyAsPEM, expect HTTP_OK");

    PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    String kid = "/privateKey4k.pem";
    HashMap<String, Long> timeClaims = new HashMap<>();
    String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1NoExp.json", Collections.singleton(TokenUtils.InvalidClaims.EXP), timeClaims);

    String uri = baseURL.toExternalForm() + "endp/verifyKeyLocationAsPEMResource";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        ;

    Response response = echoEndpointTarget.request(APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #26
Source File: InvalidTokenTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS,
    description = "Validate a request with an incorrect signature algorithm fails with HTTP_UNAUTHORIZED")
public void callEchoBadSignerAlg() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.ALG);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    System.out.printf("jwt: %s\n", token);

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+token).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
    String reply = response.readEntity(String.class);
    System.out.printf("Reply: %s\n", reply);
}
 
Example #27
Source File: RolesAllowedTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_JAXRS, 
    description = "Validate a request with MP-JWT without a groups claim succeeds with HTTP_OK}")
public void callEchoNoGroups() throws Exception {
    Reporter.log("callEcho, expect HTTP_OK");

    String tokenNoGroups = TokenUtils.generateTokenString("/TokenNoGroups.json");

    String uri = baseURL.toExternalForm() + "endp/echo-permit-all";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("input", "hello")
        ;
    Response response = echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer "+tokenNoGroups).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String reply = response.readEntity(String.class);
    // Must return hello, permitAll, user={token upn claim}
    Assert.assertEquals(reply, "hello, permitAll, [email protected]");
}
 
Example #28
Source File: RolesAllowedTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CONFIG,
      description = "Validate a request with a valid JWT in a Cookie but no Token Header set fails with " +
                    "HTTP_UNAUTHORIZED")
public void noTokenHeaderSetToCookie() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");

    String uri = baseURL.toExternalForm() + "endp/echo";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
                                                .target(uri)
                                                .queryParam("input", "hello");
    Response response = echoEndpointTarget
        .request(TEXT_PLAIN)
        .cookie("Bearer", token)
        .get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
}
 
Example #29
Source File: JsonValueInjectionTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected customString claim is as expected from Token2")
public void verifyInjectedCustomString2() throws Exception {
    Reporter.log("Begin verifyInjectedCustomString2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedCustomString";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam("value", "customStringValue2")
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}
 
Example #30
Source File: JsonValueInjectionTest.java    From microprofile-jwt-auth with Apache License 2.0 6 votes vote down vote up
@RunAsClient
@Test(groups = TEST_GROUP_CDI_JSON,
    description = "Verify that the injected raw token claim is as expected from Token2")
public void verifyInjectedRawToken2() throws Exception {
    Reporter.log("Begin verifyInjectedRawToken2\n");
    String token2 = TokenUtils.generateTokenString("/Token2.json");
    String uri = baseURL.toExternalForm() + "endp/verifyInjectedRawToken";
    WebTarget echoEndpointTarget = ClientBuilder.newClient()
        .target(uri)
        .queryParam(Claims.raw_token.name(), token2)
        .queryParam(Claims.auth_time.name(), authTimeClaim);
    Response response = echoEndpointTarget.request(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer " + token2).get();
    Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    String replyString = response.readEntity(String.class);
    JsonReader jsonReader = Json.createReader(new StringReader(replyString));
    JsonObject reply = jsonReader.readObject();
    Reporter.log(reply.toString());
    Assert.assertTrue(reply.getBoolean("pass"), reply.getString("msg"));
}